Rumor is real. Now published. Read URL.
Key Reinstallation Attacks Breaking WPA2
We discovered serious weaknesses in WPA2. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data.
The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. We discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.
Our attack is especially catastrophic against
wpa_supplicant. Here, the client will install an all-zero encryption key instead of reinstalling the real key. Since the Linux autists are the only people that strictly follows what the standard suggested:
memset() the key to all-zero after installed. During the attack, it will reinstall the now-cleared encryption key, effectively installing an all-zero key.
I'm using WPA2 with only AES. That's also vulnerable?
Yes, that network configuration is also vulnerable. The attack works against both WPA1 and WPA2, against personal and enterprise networks, and against any cipher suite being used (WPA-TKIP, AES-CCMP, and GCMP). So everyone should update their devices to prevent the attack!
What if there are no security updates for my router?
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. For ordinary home users, your priority should be updating clients such as laptops and smartphones.
In short, it does allow an attacker to decrypt, modify and inject traffic. It doesn't allow an attacker to crack your Wi-Fi password, but if you are on /g/, you probably know the implication.
Anyway, WPA2 is not everything you need for serious security anyway...WPA doesn't have Forward Secrecy. If one can record all your WPA handshakes, and later obtained your PSK, all traffic can be decrypted. The defense is IPSec, but it's extremely hard to maintain the system, and I found the easiest way is installing a VPN, such as OpenVPN (with DHE) on the router. Now shit happens, and this solution is proved to be useful.